4.4.5 Changing the group attribute in the Active Directory
Function
This plug-in changes the group attribute for the Active Directory of the specified server.
The prerequisite server for this plug-in is as follows:
- Execution target server
This server is used as the target for executing this plug-in. The Active Directory shown in the Prerequisite condition needs to be set up beforehand.
Scripts in this plug-in perform the following processing:
- Execution of the following command
dsmod group
"value-of-group-identifier(Windows.groupName-property)"
[-secgrp {yes|no}]*1
[-scope {l|g|u}]*2
[-desc "value-of-explanation(Windows.description-property)"]
Note 1: If you specify "true" for Necessity for security group settings (Windows.isSecurityGroup property), "yes" is set. If you specify "false", "no" is set. If you specify a value other than the above, this option is omitted.
Note 2: The option value corresponding to the scope (Windows.scope property) value is set.
For "local": "l"
For "global": "g"
For "universal": "u"
For details of the dsmod group command, see the relevant sections in the Microsoft library.
Use situation
This plug-in is used to change the group attribute in the Active Directory.
Prerequisites
For the latest support status of the following items, see the Release notes: Prerequisite product within the system, prerequisite products on the execution target server, and running OS on the execution target server.
Prerequisite product within the system:
- JP1/Automatic Operation 11-00 or later
Prerequisite products on the execution target server:
(1) Active Directory domain service
(2) DNS server
Running OS on the execution target server:
(1) Windows Server 2008 R2 Standard/Enterprise/Datacenter
(2) Windows Server 2012 Standard/Datacenter, Windows Server 2012 R2 Standard/Datacenter
Conditions of using prerequisite products on the execution target server:
None
Cautions
(1) Do not use a character string containing a double quotation mark (") or single quotation mark (') in a plug-in property.
(2) If you specify no value for the plug-in property, the attribute value corresponding to the plug-in property does not change.
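A pre-flight check for the property values, as an added PowerShell example that is not part of the plug-in or the product: it applies the option mapping in Notes 1 and 2 together with Cautions (1) and (2) and returns the resulting dsmod group argument list without running it. The function name, the sample DN, and the rejection of an unrecognized scope value are assumptions.

```powershell
# Added example, not the plug-in's own script: maps property values to
# dsmod group arguments using the rules documented on this page.
function ConvertTo-DsmodGroupArgs {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$GroupName,   # Windows.groupName
        [string]$IsSecurityGroup,                           # Windows.isSecurityGroup
        [string]$Scope,                                     # Windows.scope
        [string]$Description                                # Windows.description
    )

    # Caution (1): reject double and single quotation marks in any property.
    foreach ($v in $GroupName, $IsSecurityGroup, $Scope, $Description) {
        if ($v -match '["'']') { throw "Quotation mark in property value: $v" }
    }
    # Windows.groupName must be in a format beginning with CN=.
    if ($GroupName -notmatch '^CN=') { throw 'Windows.groupName must begin with CN=' }

    $dsmodArgs = @('group', $GroupName)

    # Note 1: "true" -> yes, "false" -> no, any other value omits -secgrp.
    switch -CaseSensitive ($IsSecurityGroup) {
        'true'  { $dsmodArgs += '-secgrp', 'yes' }
        'false' { $dsmodArgs += '-secgrp', 'no' }
    }

    # Note 2: local -> l, global -> g, universal -> u.
    # Assumption: a non-empty value outside this map is rejected here.
    $scopeMap = @{ local = 'l'; global = 'g'; universal = 'u' }
    if ($Scope) {
        if (-not $scopeMap.ContainsKey($Scope)) { throw "Unsupported scope: $Scope" }
        $dsmodArgs += '-scope', $scopeMap[$Scope]
    }

    # Caution (2): an empty property leaves the corresponding attribute unchanged.
    if ($Description) { $dsmodArgs += '-desc', $Description }

    return ,$dsmodArgs
}

# Constructed sample values; the DN is a placeholder, not a real group.
$sample = ConvertTo-DsmodGroupArgs -GroupName 'CN=Sales,OU=Groups,DC=example,DC=com' `
    -IsSecurityGroup 'true' -Scope 'universal' -Description 'Sales staff'
$sample -join ' '   # joined for display only; pass the array itself to dsmod
```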
Execution privilege
(1) When connecting to the execution server, the user needs to be a member of the Account Operators group, Domain Admins group, or Enterprise Admins group of the Active Directory domain service, and have proper authority.
Version
02.00.01
Plug-in tags
Configure Active Directory,Windows,Active Directory
Plug-in name displayed in the task log
adChangeGroupAttribute
Return code
0: Normal
12: Abnormal (user mistake), illegal property
21: Abnormal (illegal environment), command not found (error detected in plug-in script)
27: Abnormal (Check the error details from the task log.)
41: Abnormal (error detected within the plug-in), property not entered (error detected in the plug-in script)
Property list
The following table lists the properties:
Property key | Property name | Description | Default value | I/O type | Required |
---|---|---|---|---|---|
plugin.destinationHost | Host name of the execution target server | Specify the host name or IP address of the server on which this plugin will be executed. IPv6 addresses are not supported. | -- | Input | R |
Windows.groupName | Group identifier | Specify an identifier of the group for which you want to change attributes, in a format beginning with CN=. | -- | Input | R |
Windows.isSecurityGroup | Necessity for security group settings | To use the group as a security group, specify "true". To use the group as a distribution group, specify "false". | -- | Input | O |
Windows.scope | Scope | Specify a scope for the group. Specifiable values include "local", "global", and "universal". | -- | Input | O |
Windows.description | Explanation | Specify an explanation of the group after the change. | -- | Input | O |
common.returnValue | Return value for the plugin | The return value of this plugin is stored. | -- | Output | O |